1/* $NetBSD: smtp.c,v 1.10 2017/02/14 01:16:48 christos Exp $ */
2
3/*++
4/* NAME
5/* smtp 8
6/* SUMMARY
7/* Postfix SMTP+LMTP client
8/* SYNOPSIS
9/* \fBsmtp\fR [generic Postfix daemon options]
10/* DESCRIPTION
11/* The Postfix SMTP+LMTP client implements the SMTP and LMTP mail
12/* delivery protocols. It processes message delivery requests from
13/* the queue manager. Each request specifies a queue file, a sender
14/* address, a domain or host to deliver to, and recipient information.
15/* This program expects to be run from the \fBmaster\fR(8) process
16/* manager.
17/*
18/* The SMTP+LMTP client updates the queue file and marks recipients
19/* as finished, or it informs the queue manager that delivery should
20/* be tried again at a later time. Delivery status reports are sent
21/* to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as
22/* appropriate.
23/*
24/* The SMTP+LMTP client looks up a list of mail exchanger addresses for
25/* the destination host, sorts the list by preference, and connects
26/* to each listed address until it finds a server that responds.
27/*
28/* When a server is not reachable, or when mail delivery fails due
29/* to a recoverable error condition, the SMTP+LMTP client will try to
30/* deliver the mail to an alternate host.
31/*
32/* After a successful mail transaction, a connection may be saved
33/* to the \fBscache\fR(8) connection cache server, so that it
34/* may be used by any SMTP+LMTP client for a subsequent transaction.
35/*
36/* By default, connection caching is enabled temporarily for
37/* destinations that have a high volume of mail in the active
38/* queue. Connection caching can be enabled permanently for
39/* specific destinations.
40/* SMTP DESTINATION SYNTAX
41/* .ad
42/* .fi
43/* SMTP destinations have the following form:
44/* .IP \fIdomainname\fR
45/* .IP \fIdomainname\fR:\fIport\fR
46/* Look up the mail exchangers for the specified domain, and
47/* connect to the specified port (default: \fBsmtp\fR).
48/* .IP [\fIhostname\fR]
49/* .IP [\fIhostname\fR]:\fIport\fR
50/* Look up the address(es) of the specified host, and connect to
51/* the specified port (default: \fBsmtp\fR).
52/* .IP [\fIaddress\fR]
53/* .IP [\fIaddress\fR]:\fIport\fR
54/* Connect to the host at the specified address, and connect
55/* to the specified port (default: \fBsmtp\fR). An IPv6 address
56/* must be formatted as [\fBipv6\fR:\fIaddress\fR].
57/* LMTP DESTINATION SYNTAX
58/* .ad
59/* .fi
60/* LMTP destinations have the following form:
61/* .IP \fBunix\fR:\fIpathname\fR
62/* Connect to the local UNIX-domain server that is bound to the specified
63/* \fIpathname\fR. If the process runs chrooted, an absolute pathname
64/* is interpreted relative to the Postfix queue directory.
65/* .IP \fBinet\fR:\fIhostname\fR
66/* .IP \fBinet\fR:\fIhostname\fR:\fIport\fR
67/* .IP \fBinet\fR:[\fIaddress\fR]
68/* .IP \fBinet\fR:[\fIaddress\fR]:\fIport\fR
69/* Connect to the specified TCP port on the specified local or
70/* remote host. If no port is specified, connect to the port defined as
71/* \fBlmtp\fR in \fBservices\fR(4).
72/* If no such service is found, the \fBlmtp_tcp_port\fR configuration
73/* parameter (default value of 24) will be used.
74/* An IPv6 address must be formatted as [\fBipv6\fR:\fIaddress\fR].
75/* .PP
76/* SECURITY
77/* .ad
78/* .fi
79/* The SMTP+LMTP client is moderately security-sensitive. It
80/* talks to SMTP or LMTP servers and to DNS servers on the
81/* network. The SMTP+LMTP client can be run chrooted at fixed
82/* low privilege.
83/* STANDARDS
84/* RFC 821 (SMTP protocol)
85/* RFC 822 (ARPA Internet Text Messages)
86/* RFC 1651 (SMTP service extensions)
87/* RFC 1652 (8bit-MIME transport)
88/* RFC 1870 (Message Size Declaration)
89/* RFC 2033 (LMTP protocol)
90/* RFC 2034 (SMTP Enhanced Error Codes)
91/* RFC 2045 (MIME: Format of Internet Message Bodies)
92/* RFC 2046 (MIME: Media Types)
93/* RFC 2554 (AUTH command)
94/* RFC 2821 (SMTP protocol)
95/* RFC 2920 (SMTP Pipelining)
96/* RFC 3207 (STARTTLS command)
97/* RFC 3461 (SMTP DSN Extension)
98/* RFC 3463 (Enhanced Status Codes)
99/* RFC 4954 (AUTH command)
100/* RFC 5321 (SMTP protocol)
101/* RFC 6531 (Internationalized SMTP)
102/* RFC 6533 (Internationalized Delivery Status Notifications)
103/* RFC 7672 (SMTP security via opportunistic DANE TLS)
104/* DIAGNOSTICS
105/* Problems and transactions are logged to \fBsyslogd\fR(8).
106/* Corrupted message files are marked so that the queue manager can
107/* move them to the \fBcorrupt\fR queue for further inspection.
108/*
109/* Depending on the setting of the \fBnotify_classes\fR parameter,
110/* the postmaster is notified of bounces, protocol problems, and of
111/* other trouble.
112/* BUGS
113/* SMTP and LMTP connection caching does not work with TLS. The necessary
114/* support for TLS object passivation and re-activation does not
115/* exist without closing the session, which defeats the purpose.
116/*
117/* SMTP and LMTP connection caching assumes that SASL credentials
118/* are valid for all destinations that map onto the same IP
119/* address and TCP port.
120/* CONFIGURATION PARAMETERS
121/* .ad
122/* .fi
123/* Before Postfix version 2.3, the LMTP client is a separate
124/* program that implements only a subset of the functionality
125/* available with SMTP: there is no support for TLS, and
126/* connections are cached in-process, making it ineffective
127/* when the client is used for multiple domains.
128/*
129/* Most smtp_\fIxxx\fR configuration parameters have an
130/* lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP
131/* feature. This document describes only those LMTP-related
132/* parameters that aren't simply "mirror" parameters.
133/*
134/* Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtp\fR(8)
135/* processes run for only a limited amount of time. Use the command
136/* "\fBpostfix reload\fR" to speed up a change.
137/*
138/* The text below provides only a parameter summary. See
139/* \fBpostconf\fR(5) for more details including examples.
140/* COMPATIBILITY CONTROLS
141/* .ad
142/* .fi
143/* .IP "\fBignore_mx_lookup_error (no)\fR"
144/* Ignore DNS MX lookups that produce no response.
145/* .IP "\fBsmtp_always_send_ehlo (yes)\fR"
146/* Always send EHLO at the start of an SMTP session.
147/* .IP "\fBsmtp_never_send_ehlo (no)\fR"
148/* Never send EHLO at the start of an SMTP session.
149/* .IP "\fBsmtp_defer_if_no_mx_address_found (no)\fR"
150/* Defer mail delivery when no MX record resolves to an IP address.
151/* .IP "\fBsmtp_line_length_limit (998)\fR"
152/* The maximal length of message header and body lines that Postfix
153/* will send via SMTP.
154/* .IP "\fBsmtp_pix_workaround_delay_time (10s)\fR"
155/* How long the Postfix SMTP client pauses before sending
156/* ".<CR><LF>" in order to work around the PIX firewall
157/* "<CR><LF>.<CR><LF>" bug.
158/* .IP "\fBsmtp_pix_workaround_threshold_time (500s)\fR"
159/* How long a message must be queued before the Postfix SMTP client
160/* turns on the PIX firewall "<CR><LF>.<CR><LF>"
161/* bug workaround for delivery through firewalls with "smtp fixup"
162/* mode turned on.
163/* .IP "\fBsmtp_pix_workarounds (disable_esmtp, delay_dotcrlf)\fR"
164/* A list that specifies zero or more workarounds for CISCO PIX
165/* firewall bugs.
166/* .IP "\fBsmtp_pix_workaround_maps (empty)\fR"
167/* Lookup tables, indexed by the remote SMTP server address, with
168/* per-destination workarounds for CISCO PIX firewall bugs.
169/* .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR"
170/* Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
171/* as required
172/* by RFC 5321.
173/* .IP "\fBsmtp_reply_filter (empty)\fR"
174/* A mechanism to transform replies from remote SMTP servers one
175/* line at a time.
176/* .IP "\fBsmtp_skip_5xx_greeting (yes)\fR"
177/* Skip remote SMTP servers that greet with a 5XX status code.
178/* .IP "\fBsmtp_skip_quit_response (yes)\fR"
179/* Do not wait for the response to the SMTP QUIT command.
180/* .PP
181/* Available in Postfix version 2.0 and earlier:
182/* .IP "\fBsmtp_skip_4xx_greeting (yes)\fR"
183/* Skip SMTP servers that greet with a 4XX status code (go away, try
184/* again later).
185/* .PP
186/* Available in Postfix version 2.2 and later:
187/* .IP "\fBsmtp_discard_ehlo_keyword_address_maps (empty)\fR"
188/* Lookup tables, indexed by the remote SMTP server address, with
189/* case insensitive lists of EHLO keywords (pipelining, starttls, auth,
190/* etc.) that the Postfix SMTP client will ignore in the EHLO response from a
191/* remote SMTP server.
192/* .IP "\fBsmtp_discard_ehlo_keywords (empty)\fR"
193/* A case insensitive list of EHLO keywords (pipelining, starttls,
194/* auth, etc.) that the Postfix SMTP client will ignore in the EHLO
195/* response from a remote SMTP server.
196/* .IP "\fBsmtp_generic_maps (empty)\fR"
197/* Optional lookup tables that perform address rewriting in the
198/* Postfix SMTP client, typically to transform a locally valid address into
199/* a globally valid address when sending mail across the Internet.
200/* .PP
201/* Available in Postfix version 2.2.9 and later:
202/* .IP "\fBsmtp_cname_overrides_servername (version dependent)\fR"
203/* When the remote SMTP servername is a DNS CNAME, replace the
204/* servername with the result from CNAME expansion for the purpose of
205/* logging, SASL password lookup, TLS
206/* policy decisions, or TLS certificate verification.
207/* .PP
208/* Available in Postfix version 2.3 and later:
209/* .IP "\fBlmtp_discard_lhlo_keyword_address_maps (empty)\fR"
210/* Lookup tables, indexed by the remote LMTP server address, with
211/* case insensitive lists of LHLO keywords (pipelining, starttls,
212/* auth, etc.) that the Postfix LMTP client will ignore in the LHLO
213/* response
214/* from a remote LMTP server.
215/* .IP "\fBlmtp_discard_lhlo_keywords (empty)\fR"
216/* A case insensitive list of LHLO keywords (pipelining, starttls,
217/* auth, etc.) that the Postfix LMTP client will ignore in the LHLO
218/* response
219/* from a remote LMTP server.
220/* .PP
221/* Available in Postfix version 2.4.4 and later:
222/* .IP "\fBsend_cyrus_sasl_authzid (no)\fR"
223/* When authenticating to a remote SMTP or LMTP server with the
224/* default setting "no", send no SASL authoriZation ID (authzid); send
225/* only the SASL authentiCation ID (authcid) plus the authcid's password.
226/* .PP
227/* Available in Postfix version 2.5 and later:
228/* .IP "\fBsmtp_header_checks (empty)\fR"
229/* Restricted \fBheader_checks\fR(5) tables for the Postfix SMTP client.
230/* .IP "\fBsmtp_mime_header_checks (empty)\fR"
231/* Restricted \fBmime_header_checks\fR(5) tables for the Postfix SMTP
232/* client.
233/* .IP "\fBsmtp_nested_header_checks (empty)\fR"
234/* Restricted \fBnested_header_checks\fR(5) tables for the Postfix SMTP
235/* client.
236/* .IP "\fBsmtp_body_checks (empty)\fR"
237/* Restricted \fBbody_checks\fR(5) tables for the Postfix SMTP client.
238/* .PP
239/* Available in Postfix version 2.6 and later:
240/* .IP "\fBtcp_windowsize (0)\fR"
241/* An optional workaround for routers that break TCP window scaling.
242/* .PP
243/* Available in Postfix version 2.8 and later:
244/* .IP "\fBsmtp_dns_resolver_options (empty)\fR"
245/* DNS Resolver options for the Postfix SMTP client.
246/* .PP
247/* Available in Postfix version 2.9 and later:
248/* .IP "\fBsmtp_per_record_deadline (no)\fR"
249/* Change the behavior of the smtp_*_timeout time limits, from a
250/* time limit per read or write system call, to a time limit to send
251/* or receive a complete record (an SMTP command line, SMTP response
252/* line, SMTP message content line, or TLS protocol message).
253/* .IP "\fBsmtp_send_dummy_mail_auth (no)\fR"
254/* Whether or not to append the "AUTH=<>" option to the MAIL
255/* FROM command in SASL-authenticated SMTP sessions.
256/* .PP
257/* Available in Postfix version 2.11 and later:
258/* .IP "\fBsmtp_dns_support_level (empty)\fR"
259/* Level of DNS support in the Postfix SMTP client.
260/* .PP
261/* Available in Postfix version 3.0 and later:
262/* .IP "\fBsmtp_delivery_status_filter ($default_delivery_status_filter)\fR"
263/* Optional filter for the \fBsmtp\fR(8) delivery agent to change the
264/* delivery status code or explanatory text of successful or unsuccessful
265/* deliveries.
266/* .IP "\fBsmtp_dns_reply_filter (empty)\fR"
267/* Optional filter for Postfix SMTP client DNS lookup results.
268/* MIME PROCESSING CONTROLS
269/* .ad
270/* .fi
271/* Available in Postfix version 2.0 and later:
272/* .IP "\fBdisable_mime_output_conversion (no)\fR"
273/* Disable the conversion of 8BITMIME format to 7BIT format.
274/* .IP "\fBmime_boundary_length_limit (2048)\fR"
275/* The maximal length of MIME multipart boundary strings.
276/* .IP "\fBmime_nesting_limit (100)\fR"
277/* The maximal recursion level that the MIME processor will handle.
278/* EXTERNAL CONTENT INSPECTION CONTROLS
279/* .ad
280/* .fi
281/* Available in Postfix version 2.1 and later:
282/* .IP "\fBsmtp_send_xforward_command (no)\fR"
283/* Send the non-standard XFORWARD command when the Postfix SMTP server
284/* EHLO response announces XFORWARD support.
285/* SASL AUTHENTICATION CONTROLS
286/* .ad
287/* .fi
288/* .IP "\fBsmtp_sasl_auth_enable (no)\fR"
289/* Enable SASL authentication in the Postfix SMTP client.
290/* .IP "\fBsmtp_sasl_password_maps (empty)\fR"
291/* Optional Postfix SMTP client lookup tables with one username:password
292/* entry per sender, remote hostname or next-hop domain.
293/* .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR"
294/* Postfix SMTP client SASL security options; as of Postfix 2.3
295/* the list of available
296/* features depends on the SASL client implementation that is selected
297/* with \fBsmtp_sasl_type\fR.
298/* .PP
299/* Available in Postfix version 2.2 and later:
300/* .IP "\fBsmtp_sasl_mechanism_filter (empty)\fR"
301/* If non-empty, a Postfix SMTP client filter for the remote SMTP
302/* server's list of offered SASL mechanisms.
303/* .PP
304/* Available in Postfix version 2.3 and later:
305/* .IP "\fBsmtp_sender_dependent_authentication (no)\fR"
306/* Enable sender-dependent authentication in the Postfix SMTP client; this is
307/* available only with SASL authentication, and disables SMTP connection
308/* caching to ensure that mail from different senders will use the
309/* appropriate credentials.
310/* .IP "\fBsmtp_sasl_path (empty)\fR"
311/* Implementation-specific information that the Postfix SMTP client
312/* passes through to
313/* the SASL plug-in implementation that is selected with
314/* \fBsmtp_sasl_type\fR.
315/* .IP "\fBsmtp_sasl_type (cyrus)\fR"
316/* The SASL plug-in type that the Postfix SMTP client should use
317/* for authentication.
318/* .PP
319/* Available in Postfix version 2.5 and later:
320/* .IP "\fBsmtp_sasl_auth_cache_name (empty)\fR"
321/* An optional table to prevent repeated SASL authentication
322/* failures with the same remote SMTP server hostname, username and
323/* password.
324/* .IP "\fBsmtp_sasl_auth_cache_time (90d)\fR"
325/* The maximal age of an smtp_sasl_auth_cache_name entry before it
326/* is removed.
327/* .IP "\fBsmtp_sasl_auth_soft_bounce (yes)\fR"
328/* When a remote SMTP server rejects a SASL authentication request
329/* with a 535 reply code, defer mail delivery instead of returning
330/* mail as undeliverable.
331/* .PP
332/* Available in Postfix version 2.9 and later:
333/* .IP "\fBsmtp_send_dummy_mail_auth (no)\fR"
334/* Whether or not to append the "AUTH=<>" option to the MAIL
335/* FROM command in SASL-authenticated SMTP sessions.
336/* STARTTLS SUPPORT CONTROLS
337/* .ad
338/* .fi
339/* Detailed information about STARTTLS configuration may be found
340/* in the TLS_README document.
341/* .IP "\fBsmtp_tls_security_level (empty)\fR"
342/* The default SMTP TLS security level for the Postfix SMTP client;
343/* when a non-empty value is specified, this overrides the obsolete
344/* parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
345/* .IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR"
346/* The SASL authentication security options that the Postfix SMTP
347/* client uses for TLS encrypted SMTP sessions.
348/* .IP "\fBsmtp_starttls_timeout (300s)\fR"
349/* Time limit for Postfix SMTP client write and read operations
350/* during TLS startup and shutdown handshake procedures.
351/* .IP "\fBsmtp_tls_CAfile (empty)\fR"
352/* A file containing CA certificates of root CAs trusted to sign
353/* either remote SMTP server certificates or intermediate CA certificates.
354/* .IP "\fBsmtp_tls_CApath (empty)\fR"
355/* Directory with PEM format Certification Authority certificates
356/* that the Postfix SMTP client uses to verify a remote SMTP server
357/* certificate.
358/* .IP "\fBsmtp_tls_cert_file (empty)\fR"
359/* File with the Postfix SMTP client RSA certificate in PEM format.
360/* .IP "\fBsmtp_tls_mandatory_ciphers (medium)\fR"
361/* The minimum TLS cipher grade that the Postfix SMTP client will
362/* use with
363/* mandatory TLS encryption.
364/* .IP "\fBsmtp_tls_exclude_ciphers (empty)\fR"
365/* List of ciphers or cipher types to exclude from the Postfix
366/* SMTP client cipher
367/* list at all TLS security levels.
368/* .IP "\fBsmtp_tls_mandatory_exclude_ciphers (empty)\fR"
369/* Additional list of ciphers or cipher types to exclude from the
370/* Postfix SMTP client cipher list at mandatory TLS security levels.
371/* .IP "\fBsmtp_tls_dcert_file (empty)\fR"
372/* File with the Postfix SMTP client DSA certificate in PEM format.
373/* .IP "\fBsmtp_tls_dkey_file ($smtp_tls_dcert_file)\fR"
374/* File with the Postfix SMTP client DSA private key in PEM format.
375/* .IP "\fBsmtp_tls_key_file ($smtp_tls_cert_file)\fR"
376/* File with the Postfix SMTP client RSA private key in PEM format.
377/* .IP "\fBsmtp_tls_loglevel (0)\fR"
378/* Enable additional Postfix SMTP client logging of TLS activity.
379/* .IP "\fBsmtp_tls_note_starttls_offer (no)\fR"
380/* Log the hostname of a remote SMTP server that offers STARTTLS,
381/* when TLS is not already enabled for that server.
382/* .IP "\fBsmtp_tls_policy_maps (empty)\fR"
383/* Optional lookup tables with the Postfix SMTP client TLS security
384/* policy by next-hop destination; when a non-empty value is specified,
385/* this overrides the obsolete smtp_tls_per_site parameter.
386/* .IP "\fBsmtp_tls_mandatory_protocols (!SSLv2, !SSLv3)\fR"
387/* List of SSL/TLS protocols that the Postfix SMTP client will use with
388/* mandatory TLS encryption.
389/* .IP "\fBsmtp_tls_scert_verifydepth (9)\fR"
390/* The verification depth for remote SMTP server certificates.
391/* .IP "\fBsmtp_tls_secure_cert_match (nexthop, dot-nexthop)\fR"
392/* How the Postfix SMTP client verifies the server certificate
393/* peername for the "secure" TLS security level.
394/* .IP "\fBsmtp_tls_session_cache_database (empty)\fR"
395/* Name of the file containing the optional Postfix SMTP client
396/* TLS session cache.
397/* .IP "\fBsmtp_tls_session_cache_timeout (3600s)\fR"
398/* The expiration time of Postfix SMTP client TLS session cache
399/* information.
400/* .IP "\fBsmtp_tls_verify_cert_match (hostname)\fR"
401/* How the Postfix SMTP client verifies the server certificate
402/* peername for the
403/* "verify" TLS security level.
404/* .IP "\fBtls_daemon_random_bytes (32)\fR"
405/* The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
406/* process requests from the \fBtlsmgr\fR(8) server in order to seed its
407/* internal pseudo random number generator (PRNG).
408/* .IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR"
409/* The OpenSSL cipherlist for "high" grade ciphers.
410/* .IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR"
411/* The OpenSSL cipherlist for "medium" or higher grade ciphers.
412/* .IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR"
413/* The OpenSSL cipherlist for "low" or higher grade ciphers.
414/* .IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR"
415/* The OpenSSL cipherlist for "export" or higher grade ciphers.
416/* .IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR"
417/* The OpenSSL cipherlist for "NULL" grade ciphers that provide
418/* authentication without encryption.
419/* .PP
420/* Available in Postfix version 2.4 and later:
421/* .IP "\fBsmtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options)\fR"
422/* The SASL authentication security options that the Postfix SMTP
423/* client uses for TLS encrypted SMTP sessions with a verified server
424/* certificate.
425/* .PP
426/* Available in Postfix version 2.5 and later:
427/* .IP "\fBsmtp_tls_fingerprint_cert_match (empty)\fR"
428/* List of acceptable remote SMTP server certificate fingerprints for
429/* the "fingerprint" TLS security level (\fBsmtp_tls_security_level\fR =
430/* fingerprint).
431/* .IP "\fBsmtp_tls_fingerprint_digest (md5)\fR"
432/* The message digest algorithm used to construct remote SMTP server
433/* certificate fingerprints.
434/* .PP
435/* Available in Postfix version 2.6 and later:
436/* .IP "\fBsmtp_tls_protocols (!SSLv2, !SSLv3)\fR"
437/* List of TLS protocols that the Postfix SMTP client will exclude or
438/* include with opportunistic TLS encryption.
439/* .IP "\fBsmtp_tls_ciphers (medium)\fR"
440/* The minimum TLS cipher grade that the Postfix SMTP client
441/* will use with opportunistic TLS encryption.
442/* .IP "\fBsmtp_tls_eccert_file (empty)\fR"
443/* File with the Postfix SMTP client ECDSA certificate in PEM format.
444/* .IP "\fBsmtp_tls_eckey_file ($smtp_tls_eccert_file)\fR"
445/* File with the Postfix SMTP client ECDSA private key in PEM format.
446/* .PP
447/* Available in Postfix version 2.7 and later:
448/* .IP "\fBsmtp_tls_block_early_mail_reply (no)\fR"
449/* Try to detect a mail hijacking attack based on a TLS protocol
450/* vulnerability (CVE-2009-3555), where an attacker prepends malicious
451/* HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
452/* .PP
453/* Available in Postfix version 2.8 and later:
454/* .IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR"
455/* List or bit-mask of OpenSSL bug work-arounds to disable.
456/* .PP
457/* Available in Postfix version 2.11 and later:
458/* .IP "\fBsmtp_tls_trust_anchor_file (empty)\fR"
459/* Zero or more PEM-format files with trust-anchor certificates
460/* and/or public keys.
461/* .IP "\fBsmtp_tls_force_insecure_host_tlsa_lookup (no)\fR"
462/* Lookup the associated DANE TLSA RRset even when a hostname is
463/* not an alias and its address records lie in an unsigned zone.
464/* .IP "\fBtls_dane_trust_anchor_digest_enable (yes)\fR"
465/* RFC 6698 trust-anchor digest support in the Postfix TLS library.
466/* .IP "\fBtlsmgr_service_name (tlsmgr)\fR"
467/* The name of the \fBtlsmgr\fR(8) service entry in master.cf.
468/* .PP
469/* Available in Postfix version 3.0 and later:
470/* .IP "\fBsmtp_tls_wrappermode (no)\fR"
471/* Request that the Postfix SMTP client connects using the
472/* legacy SMTPS protocol instead of using the STARTTLS command.
473/* .PP
474/* Available in Postfix version 3.1 and later:
475/* .IP "\fBsmtp_tls_dane_insecure_mx_policy (dane)\fR"
476/* The TLS policy for MX hosts with "secure" TLSA records when the
477/* nexthop destination security level is \fBdane\fR, but the MX
478/* record was found via an "insecure" MX lookup.
479/* OBSOLETE STARTTLS CONTROLS
480/* .ad
481/* .fi
482/* The following configuration parameters exist for compatibility
483/* with Postfix versions before 2.3. Support for these will
484/* be removed in a future release.
485/* .IP "\fBsmtp_use_tls (no)\fR"
486/* Opportunistic mode: use TLS when a remote SMTP server announces
487/* STARTTLS support, otherwise send the mail in the clear.
488/* .IP "\fBsmtp_enforce_tls (no)\fR"
489/* Enforcement mode: require that remote SMTP servers use TLS
490/* encryption, and never send mail in the clear.
491/* .IP "\fBsmtp_tls_enforce_peername (yes)\fR"
492/* With mandatory TLS encryption, require that the remote SMTP
493/* server hostname matches the information in the remote SMTP server
494/* certificate.
495/* .IP "\fBsmtp_tls_per_site (empty)\fR"
496/* Optional lookup tables with the Postfix SMTP client TLS usage
497/* policy by next-hop destination and by remote SMTP server hostname.
498/* .IP "\fBsmtp_tls_cipherlist (empty)\fR"
499/* Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
500/* cipher list.
501/* RESOURCE AND RATE CONTROLS
502/* .ad
503/* .fi
504/* .IP "\fBsmtp_destination_concurrency_limit ($default_destination_concurrency_limit)\fR"
505/* The maximal number of parallel deliveries to the same destination
506/* via the smtp message delivery transport.
507/* .IP "\fBsmtp_destination_recipient_limit ($default_destination_recipient_limit)\fR"
508/* The maximal number of recipients per message for the smtp
509/* message delivery transport.
510/* .IP "\fBsmtp_connect_timeout (30s)\fR"
511/* The Postfix SMTP client time limit for completing a TCP connection, or
512/* zero (use the operating system built-in time limit).
513/* .IP "\fBsmtp_helo_timeout (300s)\fR"
514/* The Postfix SMTP client time limit for sending the HELO or EHLO command,
515/* and for receiving the initial remote SMTP server response.
516/* .IP "\fBlmtp_lhlo_timeout (300s)\fR"
517/* The Postfix LMTP client time limit for sending the LHLO command,
518/* and for receiving the initial remote LMTP server response.
519/* .IP "\fBsmtp_xforward_timeout (300s)\fR"
520/* The Postfix SMTP client time limit for sending the XFORWARD command,
521/* and for receiving the remote SMTP server response.
522/* .IP "\fBsmtp_mail_timeout (300s)\fR"
523/* The Postfix SMTP client time limit for sending the MAIL FROM command,
524/* and for receiving the remote SMTP server response.
525/* .IP "\fBsmtp_rcpt_timeout (300s)\fR"
526/* The Postfix SMTP client time limit for sending the SMTP RCPT TO
527/* command, and for receiving the remote SMTP server response.
528/* .IP "\fBsmtp_data_init_timeout (120s)\fR"
529/* The Postfix SMTP client time limit for sending the SMTP DATA command,
530/* and for receiving the remote SMTP server response.
531/* .IP "\fBsmtp_data_xfer_timeout (180s)\fR"
532/* The Postfix SMTP client time limit for sending the SMTP message content.
533/* .IP "\fBsmtp_data_done_timeout (600s)\fR"
534/* The Postfix SMTP client time limit for sending the SMTP ".", and
535/* for receiving the remote SMTP server response.
536/* .IP "\fBsmtp_quit_timeout (300s)\fR"
537/* The Postfix SMTP client time limit for sending the QUIT command,
538/* and for receiving the remote SMTP server response.
539/* .PP
540/* Available in Postfix version 2.1 and later:
541/* .IP "\fBsmtp_mx_address_limit (5)\fR"
542/* The maximal number of MX (mail exchanger) IP addresses that can
543/* result from Postfix SMTP client mail exchanger lookups, or zero (no
544/* limit).
545/* .IP "\fBsmtp_mx_session_limit (2)\fR"
546/* The maximal number of SMTP sessions per delivery request before
547/* the Postfix SMTP client
548/* gives up or delivers to a fall-back relay host, or zero (no
549/* limit).
550/* .IP "\fBsmtp_rset_timeout (20s)\fR"
551/* The Postfix SMTP client time limit for sending the RSET command,
552/* and for receiving the remote SMTP server response.
553/* .PP
554/* Available in Postfix version 2.2 and earlier:
555/* .IP "\fBlmtp_cache_connection (yes)\fR"
556/* Keep Postfix LMTP client connections open for up to $max_idle
557/* seconds.
558/* .PP
559/* Available in Postfix version 2.2 and later:
560/* .IP "\fBsmtp_connection_cache_destinations (empty)\fR"
561/* Permanently enable SMTP connection caching for the specified
562/* destinations.
563/* .IP "\fBsmtp_connection_cache_on_demand (yes)\fR"
564/* Temporarily enable SMTP connection caching while a destination
565/* has a high volume of mail in the active queue.
566/* .IP "\fBsmtp_connection_reuse_time_limit (300s)\fR"
567/* The amount of time during which Postfix will use an SMTP
568/* connection repeatedly.
569/* .IP "\fBsmtp_connection_cache_time_limit (2s)\fR"
570/* When SMTP connection caching is enabled, the amount of time that
571/* an unused SMTP client socket is kept open before it is closed.
572/* .PP
573/* Available in Postfix version 2.3 and later:
574/* .IP "\fBconnection_cache_protocol_timeout (5s)\fR"
575/* Time limit for connection cache connect, send or receive
576/* operations.
577/* .PP
578/* Available in Postfix version 2.9 and later:
579/* .IP "\fBsmtp_per_record_deadline (no)\fR"
580/* Change the behavior of the smtp_*_timeout time limits, from a
581/* time limit per read or write system call, to a time limit to send
582/* or receive a complete record (an SMTP command line, SMTP response
583/* line, SMTP message content line, or TLS protocol message).
584/* .PP
585/* Available in Postfix version 2.11 and later:
586/* .IP "\fBsmtp_connection_reuse_count_limit (0)\fR"
587/* When SMTP connection caching is enabled, the number of times
588/* that an SMTP session may be reused before it is closed, or zero (no
589/* limit).
590/* SMTPUTF8 CONTROLS
591/* .ad
592/* .fi
593/* Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
594/* .IP "\fBsmtputf8_enable (yes)\fR"
595/* Enable preliminary SMTPUTF8 support for the protocols described
596/* in RFC 6531..6533.
597/* .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR"
598/* Detect that a message requires SMTPUTF8 support for the specified
599/* mail origin classes.
600/* TROUBLE SHOOTING CONTROLS
601/* .ad
602/* .fi
603/* .IP "\fBdebug_peer_level (2)\fR"
604/* The increment in verbose logging level when a remote client or
605/* server matches a pattern in the debug_peer_list parameter.
606/* .IP "\fBdebug_peer_list (empty)\fR"
607/* Optional list of remote client or server hostname or network
608/* address patterns that cause the verbose logging level to increase
609/* by the amount specified in $debug_peer_level.
610/* .IP "\fBerror_notice_recipient (postmaster)\fR"
611/* The recipient of postmaster notifications about mail delivery
612/* problems that are caused by policy, resource, software or protocol
613/* errors.
614/* .IP "\fBinternal_mail_filter_classes (empty)\fR"
615/* What categories of Postfix-generated mail are subject to
616/* before-queue content inspection by non_smtpd_milters, header_checks
617/* and body_checks.
618/* .IP "\fBnotify_classes (resource, software)\fR"
619/* The list of error classes that are reported to the postmaster.
620/* MISCELLANEOUS CONTROLS
621/* .ad
622/* .fi
623/* .IP "\fBbest_mx_transport (empty)\fR"
624/* Where the Postfix SMTP client should deliver mail when it detects
625/* a "mail loops back to myself" error condition.
626/* .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
627/* The default location of the Postfix main.cf and master.cf
628/* configuration files.
629/* .IP "\fBdaemon_timeout (18000s)\fR"
630/* How much time a Postfix daemon process may take to handle a
631/* request before it is terminated by a built-in watchdog timer.
632/* .IP "\fBdelay_logging_resolution_limit (2)\fR"
633/* The maximal number of digits after the decimal point when logging
634/* sub-second delay values.
635/* .IP "\fBdisable_dns_lookups (no)\fR"
636/* Disable DNS lookups in the Postfix SMTP and LMTP clients.
637/* .IP "\fBinet_interfaces (all)\fR"
638/* The network interface addresses that this mail system receives
639/* mail on.
640/* .IP "\fBinet_protocols (all)\fR"
641/* The Internet protocols Postfix will attempt to use when making
642/* or accepting connections.
643/* .IP "\fBipc_timeout (3600s)\fR"
644/* The time limit for sending or receiving information over an internal
645/* communication channel.
646/* .IP "\fBlmtp_assume_final (no)\fR"
647/* When a remote LMTP server announces no DSN support, assume that
648/* the
649/* server performs final delivery, and send "delivered" delivery status
650/* notifications instead of "relayed".
651/* .IP "\fBlmtp_tcp_port (24)\fR"
652/* The default TCP port that the Postfix LMTP client connects to.
653/* .IP "\fBmax_idle (100s)\fR"
654/* The maximum amount of time that an idle Postfix daemon process waits
655/* for an incoming connection before terminating voluntarily.
656/* .IP "\fBmax_use (100)\fR"
657/* The maximal number of incoming connections that a Postfix daemon
658/* process will service before terminating voluntarily.
659/* .IP "\fBprocess_id (read-only)\fR"
660/* The process ID of a Postfix command or daemon process.
661/* .IP "\fBprocess_name (read-only)\fR"
662/* The process name of a Postfix command or daemon process.
663/* .IP "\fBproxy_interfaces (empty)\fR"
664/* The network interface addresses that this mail system receives mail
665/* on by way of a proxy or network address translation unit.
666/* .IP "\fBsmtp_address_preference (any)\fR"
667/* The address type ("ipv6", "ipv4" or "any") that the Postfix
668/* SMTP client will try first, when a destination has IPv6 and IPv4
669/* addresses with equal MX preference.
670/* .IP "\fBsmtp_bind_address (empty)\fR"
671/* An optional numerical network address that the Postfix SMTP client
672/* should bind to when making an IPv4 connection.
673/* .IP "\fBsmtp_bind_address6 (empty)\fR"
674/* An optional numerical network address that the Postfix SMTP client
675/* should bind to when making an IPv6 connection.
676/* .IP "\fBsmtp_helo_name ($myhostname)\fR"
677/* The hostname to send in the SMTP HELO or EHLO command.
678/* .IP "\fBlmtp_lhlo_name ($myhostname)\fR"
679/* The hostname to send in the LMTP LHLO command.
680/* .IP "\fBsmtp_host_lookup (dns)\fR"
681/* What mechanisms the Postfix SMTP client uses to look up a host's
682/* IP address.
683/* .IP "\fBsmtp_randomize_addresses (yes)\fR"
684/* Randomize the order of equal-preference MX host addresses.
685/* .IP "\fBsyslog_facility (mail)\fR"
686/* The syslog facility of Postfix logging.
687/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
688/* The mail system name that is prepended to the process name in syslog
689/* records, so that "smtpd" becomes, for example, "postfix/smtpd".
690/* .PP
691/* Available with Postfix 2.2 and earlier:
692/* .IP "\fBfallback_relay (empty)\fR"
693/* Optional list of relay hosts for SMTP destinations that can't be
694/* found or that are unreachable.
695/* .PP
696/* Available with Postfix 2.3 and later:
697/* .IP "\fBsmtp_fallback_relay ($fallback_relay)\fR"
698/* Optional list of relay hosts for SMTP destinations that can't be
699/* found or that are unreachable.
700/* .PP
701/* Available with Postfix 3.0 and later:
702/* .IP "\fBsmtp_address_verify_target (rcpt)\fR"
703/* In the context of email address verification, the SMTP protocol
704/* stage that determines whether an email address is deliverable.
705/* .PP
706/* Available with Postfix 3.1 and later:
707/* .IP "\fBlmtp_fallback_relay (empty)\fR"
708/* Optional list of relay hosts for LMTP destinations that can't be
709/* found or that are unreachable.
710/* SEE ALSO
711/* generic(5), output address rewriting
712/* header_checks(5), message header content inspection
713/* body_checks(5), body parts content inspection
714/* qmgr(8), queue manager
715/* bounce(8), delivery status reports
716/* scache(8), connection cache server
717/* postconf(5), configuration parameters
718/* master(5), generic daemon options
719/* master(8), process manager
720/* tlsmgr(8), TLS session and PRNG management
721/* syslogd(8), system logging
722/* README FILES
723/* .ad
724/* .fi
725/* Use "\fBpostconf readme_directory\fR" or
726/* "\fBpostconf html_directory\fR" to locate this information.
727/* .na
728/* .nf
729/* SASL_README, Postfix SASL howto
730/* TLS_README, Postfix STARTTLS howto
731/* LICENSE
732/* .ad
733/* .fi
734/* The Secure Mailer license must be distributed with this software.
735/* AUTHOR(S)
736/* Wietse Venema
737/* IBM T.J. Watson Research
738/* P.O. Box 704
739/* Yorktown Heights, NY 10598, USA
740/*
741/* Wietse Venema
742/* Google, Inc.
743/* 111 8th Avenue
744/* New York, NY 10011, USA
745/*
746/* Command pipelining in cooperation with:
747/* Jon Ribbens
748/* Oaktree Internet Solutions Ltd.,
749/* Internet House,
750/* Canal Basin,
751/* Coventry,
752/* CV1 4LY, United Kingdom.
753/*
754/* SASL support originally by:
755/* Till Franke
756/* SuSE Rhein/Main AG
757/* 65760 Eschborn, Germany
758/*
759/* TLS support originally by:
760/* Lutz Jaenicke
761/* BTU Cottbus
762/* Allgemeine Elektrotechnik
763/* Universitaetsplatz 3-4
764/* D-03044 Cottbus, Germany
765/*
766/* Revised TLS and SMTP connection cache support by:
767/* Victor Duchovni
768/* Morgan Stanley
769/*--*/
770
771/* System library. */
772
773#include <sys_defs.h>
774#include <unistd.h>
775#include <stdlib.h>
776#include <string.h>
777#include <fcntl.h>
778#include <dict.h>
779#include <stringops.h>
780
781/* Utility library. */
782
783#include <msg.h>
784#include <mymalloc.h>
785#include <name_mask.h>
786#include <name_code.h>
787
788/* Global library. */
789
790#include <deliver_request.h>
791#include <mail_params.h>
792#include <mail_version.h>
793#include <mail_conf.h>
794#include <debug_peer.h>
795#include <flush_clnt.h>
796#include <scache.h>
797#include <string_list.h>
798#include <maps.h>
799#include <ext_prop.h>
800
801/* DNS library. */
802
803#include <dns.h>
804
805/* Single server skeleton. */
806
807#include <mail_server.h>
808
809/* Application-specific. */
810
811#include "smtp.h"
812#include "smtp_sasl.h"
813
814 /*
815 * Tunable parameters. These have compiled-in defaults that can be overruled
816 * by settings in the global Postfix configuration file.
817 */
818int var_smtp_conn_tmout;
819int var_smtp_helo_tmout;
820int var_smtp_xfwd_tmout;
821int var_smtp_mail_tmout;
822int var_smtp_rcpt_tmout;
823int var_smtp_data0_tmout;
824int var_smtp_data1_tmout;
825int var_smtp_data2_tmout;
826int var_smtp_rset_tmout;
827int var_smtp_quit_tmout;
828char *var_inet_interfaces;
829char *var_notify_classes;
830int var_smtp_skip_5xx_greeting;
831int var_ign_mx_lookup_err;
832int var_skip_quit_resp;
833char *var_fallback_relay;
834char *var_bestmx_transp;
835char *var_error_rcpt;
836int var_smtp_always_ehlo;
837int var_smtp_never_ehlo;
838char *var_smtp_sasl_opts;
839char *var_smtp_sasl_path;
840char *var_smtp_sasl_passwd;
841bool var_smtp_sasl_enable;
842char *var_smtp_sasl_mechs;
843char *var_smtp_sasl_type;
844char *var_smtp_bind_addr;
845char *var_smtp_bind_addr6;
846char *var_smtp_vrfy_tgt;
847bool var_smtp_rand_addr;
848int var_smtp_pix_thresh;
849int var_queue_run_delay;
850int var_min_backoff_time;
851int var_smtp_pix_delay;
852int var_smtp_line_limit;
853char *var_smtp_helo_name;
854char *var_smtp_host_lookup;
855bool var_smtp_quote_821_env;
856bool var_smtp_defer_mxaddr;
857bool var_smtp_send_xforward;
858int var_smtp_mxaddr_limit;
859int var_smtp_mxsess_limit;
860int var_smtp_cache_conn;
861int var_smtp_reuse_time;
862int var_smtp_reuse_count;
863char *var_smtp_cache_dest;
864char *var_scache_service; /* You can now leave this here. */
865bool var_smtp_cache_demand;
866char *var_smtp_ehlo_dis_words;
867char *var_smtp_ehlo_dis_maps;
868char *var_smtp_addr_pref;
869
870char *var_smtp_tls_level;
871bool var_smtp_use_tls;
872bool var_smtp_enforce_tls;
873char *var_smtp_tls_per_site;
874char *var_smtp_tls_policy;
875bool var_smtp_tls_wrappermode;
876
877#ifdef USE_TLS
878char *var_smtp_sasl_tls_opts;
879char *var_smtp_sasl_tlsv_opts;
880int var_smtp_starttls_tmout;
881char *var_smtp_tls_CAfile;
882char *var_smtp_tls_CApath;
883char *var_smtp_tls_cert_file;
884char *var_smtp_tls_mand_ciph;
885char *var_smtp_tls_excl_ciph;
886char *var_smtp_tls_mand_excl;
887char *var_smtp_tls_dcert_file;
888char *var_smtp_tls_dkey_file;
889bool var_smtp_tls_enforce_peername;
890char *var_smtp_tls_key_file;
891char *var_smtp_tls_loglevel;
892bool var_smtp_tls_note_starttls_offer;
893char *var_smtp_tls_mand_proto;
894char *var_smtp_tls_sec_cmatch;
895int var_smtp_tls_scert_vd;
896char *var_smtp_tls_vfy_cmatch;
897char *var_smtp_tls_fpt_cmatch;
898char *var_smtp_tls_fpt_dgst;
899char *var_smtp_tls_tafile;
900char *var_smtp_tls_proto;
901char *var_smtp_tls_ciph;
902char *var_smtp_tls_eccert_file;
903char *var_smtp_tls_eckey_file;
904bool var_smtp_tls_blk_early_mail_reply;
905bool var_smtp_tls_force_tlsa;
906char *var_smtp_tls_insecure_mx_policy;
907
908#endif
909
910char *var_smtp_generic_maps;
911char *var_prop_extension;
912bool var_smtp_sender_auth;
913char *var_lmtp_tcp_port;
914int var_scache_proto_tmout;
915bool var_smtp_cname_overr;
916char *var_smtp_pix_bug_words;
917char *var_smtp_pix_bug_maps;
918char *var_cyrus_conf_path;
919char *var_smtp_head_chks;
920char *var_smtp_mime_chks;
921char *var_smtp_nest_chks;
922char *var_smtp_body_chks;
923char *var_smtp_resp_filter;
924bool var_lmtp_assume_final;
925char *var_smtp_dns_res_opt;
926char *var_smtp_dns_support;
927bool var_smtp_rec_deadline;
928bool var_smtp_dummy_mail_auth;
929char *var_smtp_dsn_filter;
930char *var_smtp_dns_re_filter;
931
932 /* Special handling of 535 AUTH errors. */
933char *var_smtp_sasl_auth_cache_name;
934int var_smtp_sasl_auth_cache_time;
935bool var_smtp_sasl_auth_soft_bounce;
936
937 /*
938 * Global variables.
939 */
940int smtp_mode;
941int smtp_host_lookup_mask;
942int smtp_dns_support;
943STRING_LIST *smtp_cache_dest;
944SCACHE *smtp_scache;
945MAPS *smtp_ehlo_dis_maps;
946MAPS *smtp_generic_maps;
947int smtp_ext_prop_mask;
948unsigned smtp_dns_res_opt;
949MAPS *smtp_pix_bug_maps;
950HBC_CHECKS *smtp_header_checks; /* limited header checks */
951HBC_CHECKS *smtp_body_checks; /* limited body checks */
952
953#ifdef USE_TLS
954
955 /*
956 * OpenSSL client state (opaque handle)
957 */
958TLS_APPL_STATE *smtp_tls_ctx;
959int smtp_tls_insecure_mx_policy;
960
961#endif
962
963 /*
964 * IPv6 preference.
965 */
966static int smtp_addr_pref;
967
968/* deliver_message - deliver message with extreme prejudice */
969
970static int deliver_message(const char *service, DELIVER_REQUEST *request)
971{
972 SMTP_STATE *state;
973 int result;
974
975 if (msg_verbose)
976 msg_info("deliver_message: from %s", request->sender);
977
978 /*
979 * Sanity checks. The smtp server is unprivileged and chrooted, so we can
980 * afford to distribute the data censoring code, instead of having it all
981 * in one place.
982 */
983 if (request->nexthop[0] == 0)
984 msg_fatal("empty nexthop hostname");
985 if (request->rcpt_list.len <= 0)
986 msg_fatal("recipient count: %d", request->rcpt_list.len);
987
988 /*
989 * Initialize. Bundle all information about the delivery request, so that
990 * we can produce understandable diagnostics when something goes wrong
991 * many levels below. The alternative would be to make everything global.
992 */
993 state = smtp_state_alloc();
994 state->request = request;
995 state->src = request->fp;
996 state->service = service;
997 state->misc_flags |= smtp_addr_pref;
998 SMTP_RCPT_INIT(state);
999
1000 /*
1001 * Establish an SMTP session and deliver this message to all requested
1002 * recipients. At the end, notify the postmaster of any protocol errors.
1003 * Optionally deliver mail locally when this machine is the best mail
1004 * exchanger.
1005 */
1006 result = smtp_connect(state);
1007
1008 /*
1009 * Clean up.
1010 */
1011 smtp_state_free(state);
1012
1013 return (result);
1014}
1015
1016/* smtp_service - perform service for client */
1017
1018static void smtp_service(VSTREAM *client_stream, char *service, char **argv)
1019{
1020 DELIVER_REQUEST *request;
1021 int status;
1022
1023 /*
1024 * Sanity check. This service takes no command-line arguments.
1025 */
1026 if (argv[0])
1027 msg_fatal("unexpected command-line argument: %s", argv[0]);
1028
1029 /*
1030 * This routine runs whenever a client connects to the UNIX-domain socket
1031 * dedicated to remote SMTP delivery service. What we see below is a
1032 * little protocol to (1) tell the queue manager that we are ready, (2)
1033 * read a request from the queue manager, and (3) report the completion
1034 * status of that request. All connection-management stuff is handled by
1035 * the common code in single_server.c.
1036 */
1037 if ((request = deliver_request_read(client_stream)) != 0) {
1038 status = deliver_message(service, request);
1039 deliver_request_done(client_stream, request, status);
1040 }
1041}
1042
1043/* post_init - post-jail initialization */
1044
1045static void post_init(char *unused_name, char **unused_argv)
1046{
1047 static const NAME_MASK lookup_masks[] = {
1048 SMTP_HOST_LOOKUP_DNS, SMTP_HOST_FLAG_DNS,
1049 SMTP_HOST_LOOKUP_NATIVE, SMTP_HOST_FLAG_NATIVE,
1050 0,
1051 };
1052 static const NAME_MASK dns_res_opt_masks[] = {
1053 SMTP_DNS_RES_OPT_DEFNAMES, RES_DEFNAMES,
1054 SMTP_DNS_RES_OPT_DNSRCH, RES_DNSRCH,
1055 0,
1056 };
1057 static const NAME_CODE dns_support[] = {
1058 SMTP_DNS_SUPPORT_DISABLED, SMTP_DNS_DISABLED,
1059 SMTP_DNS_SUPPORT_ENABLED, SMTP_DNS_ENABLED,
1060#if (RES_USE_DNSSEC != 0) && (RES_USE_EDNS0 != 0)
1061 SMTP_DNS_SUPPORT_DNSSEC, SMTP_DNS_DNSSEC,
1062#endif
1063 0, SMTP_DNS_INVALID,
1064 };
1065
1066 if (*var_smtp_dns_support == 0) {
1067 /* Backwards compatible empty setting */
1068 smtp_dns_support =
1069 var_disable_dns ? SMTP_DNS_DISABLED : SMTP_DNS_ENABLED;
1070 } else {
1071 smtp_dns_support =
1072 name_code(dns_support, NAME_CODE_FLAG_NONE, var_smtp_dns_support);
1073 if (smtp_dns_support == SMTP_DNS_INVALID)
1074 msg_fatal("invalid %s: \"%s\"", VAR_LMTP_SMTP(DNS_SUPPORT),
1075 var_smtp_dns_support);
1076 var_disable_dns = (smtp_dns_support == SMTP_DNS_DISABLED);
1077 }
1078
1079#ifdef USE_TLS
1080 if (smtp_mode) {
1081 smtp_tls_insecure_mx_policy =
1082 tls_level_lookup(var_smtp_tls_insecure_mx_policy);
1083 switch (smtp_tls_insecure_mx_policy) {
1084 case TLS_LEV_MAY:
1085 case TLS_LEV_ENCRYPT:
1086 case TLS_LEV_DANE:
1087 break;
1088 default:
1089 msg_fatal("invalid %s: \"%s\"", VAR_SMTP_TLS_INSECURE_MX_POLICY,
1090 var_smtp_tls_insecure_mx_policy);
1091 }
1092 }
1093#endif
1094
1095 /*
1096 * Select hostname lookup mechanisms.
1097 */
1098 if (smtp_dns_support == SMTP_DNS_DISABLED)
1099 smtp_host_lookup_mask = SMTP_HOST_FLAG_NATIVE;
1100 else
1101 smtp_host_lookup_mask =
1102 name_mask(VAR_LMTP_SMTP(HOST_LOOKUP), lookup_masks,
1103 var_smtp_host_lookup);
1104 if (msg_verbose)
1105 msg_info("host name lookup methods: %s",
1106 str_name_mask(VAR_LMTP_SMTP(HOST_LOOKUP), lookup_masks,
1107 smtp_host_lookup_mask));
1108
1109 /*
1110 * Session cache instance.
1111 */
1112 if (*var_smtp_cache_dest || var_smtp_cache_demand)
1113#if 0
1114 smtp_scache = scache_multi_create();
1115#else
1116 smtp_scache = scache_clnt_create(var_scache_service,
1117 var_scache_proto_tmout,
1118 var_ipc_idle_limit,
1119 var_ipc_ttl_limit);
1120#endif
1121
1122 /*
1123 * Select DNS query flags.
1124 */
1125 smtp_dns_res_opt = name_mask(VAR_LMTP_SMTP(DNS_RES_OPT), dns_res_opt_masks,
1126 var_smtp_dns_res_opt);
1127
1128 /*
1129 * Address verification.
1130 */
1131 smtp_vrfy_init();
1132}
1133
1134/* pre_init - pre-jail initialization */
1135
1136static void pre_init(char *unused_name, char **unused_argv)
1137{
1138 int use_tls;
1139 static const NAME_CODE addr_pref_map[] = {
1140 INET_PROTO_NAME_IPV6, SMTP_MISC_FLAG_PREF_IPV6,
1141 INET_PROTO_NAME_IPV4, SMTP_MISC_FLAG_PREF_IPV4,
1142 INET_PROTO_NAME_ANY, 0,
1143 0, -1,
1144 };
1145
1146 /*
1147 * Turn on per-peer debugging.
1148 */
1149 debug_peer_init();
1150
1151 /*
1152 * SASL initialization.
1153 */
1154 if (var_smtp_sasl_enable)
1155#ifdef USE_SASL_AUTH
1156 smtp_sasl_initialize();
1157#else
1158 msg_warn("%s is true, but SASL support is not compiled in",
1159 VAR_LMTP_SMTP(SASL_ENABLE));
1160#endif
1161
1162 if (*var_smtp_tls_level != 0)
1163#ifdef USE_TLS
1164 switch (tls_level_lookup(var_smtp_tls_level)) {
1165 case TLS_LEV_SECURE:
1166 case TLS_LEV_VERIFY:
1167 case TLS_LEV_DANE_ONLY:
1168 case TLS_LEV_FPRINT:
1169 case TLS_LEV_ENCRYPT:
1170 var_smtp_use_tls = var_smtp_enforce_tls = 1;
1171 break;
1172 case TLS_LEV_DANE:
1173 case TLS_LEV_MAY:
1174 var_smtp_use_tls = 1;
1175 var_smtp_enforce_tls = 0;
1176 break;
1177 case TLS_LEV_NONE:
1178 var_smtp_use_tls = var_smtp_enforce_tls = 0;
1179 break;
1180 default:
1181 /* tls_level_lookup() logs no warning. */
1182 /* session_tls_init() assumes that var_smtp_tls_level is sane. */
1183 msg_fatal("Invalid TLS level \"%s\"", var_smtp_tls_level);
1184 }
1185#endif
1186 use_tls = (var_smtp_use_tls || var_smtp_enforce_tls);
1187
1188 /*
1189 * Initialize the TLS data before entering the chroot jail
1190 */
1191 if (use_tls || var_smtp_tls_per_site[0] || var_smtp_tls_policy[0]) {
1192#ifdef USE_TLS
1193 TLS_CLIENT_INIT_PROPS props;
1194
1195 /*
1196 * We get stronger type safety and a cleaner interface by combining
1197 * the various parameters into a single tls_client_props structure.
1198 *
1199 * Large parameter lists are error-prone, so we emulate a language
1200 * feature that C does not have natively: named parameter lists.
1201 */
1202 smtp_tls_ctx =
1203 TLS_CLIENT_INIT(&props,
1204 log_param = VAR_LMTP_SMTP(TLS_LOGLEVEL),
1205 log_level = var_smtp_tls_loglevel,
1206 verifydepth = var_smtp_tls_scert_vd,
1207 cache_type = LMTP_SMTP_SUFFIX(TLS_MGR_SCACHE),
1208 cert_file = var_smtp_tls_cert_file,
1209 key_file = var_smtp_tls_key_file,
1210 dcert_file = var_smtp_tls_dcert_file,
1211 dkey_file = var_smtp_tls_dkey_file,
1212 eccert_file = var_smtp_tls_eccert_file,
1213 eckey_file = var_smtp_tls_eckey_file,
1214 CAfile = var_smtp_tls_CAfile,
1215 CApath = var_smtp_tls_CApath,
1216 mdalg = var_smtp_tls_fpt_dgst);
1217 smtp_tls_list_init();
1218#else
1219 msg_warn("TLS has been selected, but TLS support is not compiled in");
1220#endif
1221 }
1222
1223 /*
1224 * Flush client.
1225 */
1226 flush_init();
1227
1228 /*
1229 * Session cache domain list.
1230 */
1231 if (*var_smtp_cache_dest)
1232 smtp_cache_dest = string_list_init(VAR_SMTP_CACHE_DEST,
1233 MATCH_FLAG_RETURN,
1234 var_smtp_cache_dest);
1235
1236 /*
1237 * EHLO keyword filter.
1238 */
1239 if (*var_smtp_ehlo_dis_maps)
1240 smtp_ehlo_dis_maps = maps_create(VAR_LMTP_SMTP(EHLO_DIS_MAPS),
1241 var_smtp_ehlo_dis_maps,
1242 DICT_FLAG_LOCK);
1243
1244 /*
1245 * PIX bug workarounds.
1246 */
1247 if (*var_smtp_pix_bug_maps)
1248 smtp_pix_bug_maps = maps_create(VAR_LMTP_SMTP(PIX_BUG_MAPS),
1249 var_smtp_pix_bug_maps,
1250 DICT_FLAG_LOCK);
1251
1252 /*
1253 * Generic maps.
1254 */
1255 if (*var_prop_extension)
1256 smtp_ext_prop_mask =
1257 ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension);
1258 if (*var_smtp_generic_maps)
1259 smtp_generic_maps =
1260 maps_create(VAR_LMTP_SMTP(GENERIC_MAPS), var_smtp_generic_maps,
1261 DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX
1262 | DICT_FLAG_UTF8_REQUEST);
1263
1264 /*
1265 * Header/body checks.
1266 */
1267 smtp_header_checks = hbc_header_checks_create(
1268 VAR_LMTP_SMTP(HEAD_CHKS), var_smtp_head_chks,
1269 VAR_LMTP_SMTP(MIME_CHKS), var_smtp_mime_chks,
1270 VAR_LMTP_SMTP(NEST_CHKS), var_smtp_nest_chks,
1271 smtp_hbc_callbacks);
1272 smtp_body_checks = hbc_body_checks_create(
1273 VAR_LMTP_SMTP(BODY_CHKS), var_smtp_body_chks,
1274 smtp_hbc_callbacks);
1275
1276 /*
1277 * Server reply filter.
1278 */
1279 if (*var_smtp_resp_filter)
1280 smtp_chat_resp_filter =
1281 dict_open(var_smtp_resp_filter, O_RDONLY,
1282 DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);
1283
1284 /*
1285 * Address family preference.
1286 */
1287 if (*var_smtp_addr_pref) {
1288 smtp_addr_pref = name_code(addr_pref_map, NAME_CODE_FLAG_NONE,
1289 var_smtp_addr_pref);
1290 if (smtp_addr_pref < 0)
1291 msg_fatal("bad %s value: %s", VAR_LMTP_SMTP(ADDR_PREF),
1292 var_smtp_addr_pref);
1293 }
1294
1295 /*
1296 * DNS reply filter.
1297 */
1298 if (*var_smtp_dns_re_filter)
1299 dns_rr_filter_compile(VAR_LMTP_SMTP(DNS_RE_FILTER),
1300 var_smtp_dns_re_filter);
1301}
1302
1303/* pre_accept - see if tables have changed */
1304
1305static void pre_accept(char *unused_name, char **unused_argv)
1306{
1307 const char *table;
1308
1309 if ((table = dict_changed_name()) != 0) {
1310 msg_info("table %s has changed -- restarting", table);
1311 exit(0);
1312 }
1313}
1314
1315MAIL_VERSION_STAMP_DECLARE;
1316
1317/* main - pass control to the single-threaded skeleton */
1318
1319int main(int argc, char **argv)
1320{
1321 char *sane_procname;
1322
1323#include "smtp_params.c"
1324#include "lmtp_params.c"
1325
1326 /*
1327 * Fingerprint executables and core dumps.
1328 */
1329 MAIL_VERSION_STAMP_ALLOCATE;
1330
1331 /*
1332 * XXX At this point, var_procname etc. are not initialized.
1333 *
1334 * The process name, "smtp" or "lmtp", determines the protocol, the DSN
1335 * server reply type, SASL service information lookup, and more. Prepare
1336 * for the possibility there may be another personality.
1337 */
1338 sane_procname = sane_basename((VSTRING *) 0, argv[0]);
1339 if (strcmp(sane_procname, "smtp") == 0)
1340 smtp_mode = 1;
1341 else if (strcmp(sane_procname, "lmtp") == 0)
1342 smtp_mode = 0;
1343 else
1344 msg_fatal("unexpected process name \"%s\" - "
1345 "specify \"smtp\" or \"lmtp\"", var_procname);
1346
1347 /*
1348 * Initialize with the LMTP or SMTP parameter name space.
1349 */
1350 single_server_main(argc, argv, smtp_service,
1351 CA_MAIL_SERVER_TIME_TABLE(smtp_mode ?
1352 smtp_time_table : lmtp_time_table),
1353 CA_MAIL_SERVER_INT_TABLE(smtp_mode ?
1354 smtp_int_table : lmtp_int_table),
1355 CA_MAIL_SERVER_STR_TABLE(smtp_mode ?
1356 smtp_str_table : lmtp_str_table),
1357 CA_MAIL_SERVER_BOOL_TABLE(smtp_mode ?
1358 smtp_bool_table : lmtp_bool_table),
1359 CA_MAIL_SERVER_PRE_INIT(pre_init),
1360 CA_MAIL_SERVER_POST_INIT(post_init),
1361 CA_MAIL_SERVER_PRE_ACCEPT(pre_accept),
1362 CA_MAIL_SERVER_BOUNCE_INIT(VAR_SMTP_DSN_FILTER,
1363 &var_smtp_dsn_filter),
1364 0);
1365}
1366